ARS5
This is a keyed family of counter-based BRNGs. The state consists of a 128-bit integer counter c and a 128-bit key k. The BRNG is based on the AES encryption algorithm [FIPS-197]. The 32-bit output is obtained in the following way [Salmon2011]:
- The i-th number is defined by the following formula: r_i = (f(i/4) >> ((i mod 4) * 32)) mod 2^32
- Function f(c) takes 128-bit input and produces 128-bit result obtained in the following way:
  - Put c_0 = c xor k and k_0 = k.
  - The following recurrence is calculated N times:
    - c_{i+1} = SubBytes(c_i)
    - c_{i+1} = ShiftRows(c_{i+1})
    - c_{i+1} = MixColumns(c_{i+1}), this step is omitted if i + 1 = N
    - c_{i+1} = AddRoundKey(c_{i+1}, k_j)
    - Lo(k_{i+1}) = Lo(k_i) + 0x9E3779B97F4A7C15, Hi(k_{i+1}) = Hi(k_i) + 0xBB67AE8584CAA73B
  - Put f(c) = c_N, where N = 5
- Real output: u_n = (int) r_n / 2^32 + ½
Specification for the SubBytes, ShiftRows, MixColumns and AddRoundKey functions can be found in [FIPS-197].
Real Implementation (Single and Double Precision)
The output vector is the sequence of the floating-point values u_0, u_1, ...
Integer Implementation
The output vector of 32-bit integers r_0, r_1, ...
Stream Initialization by Function vslNewStream
ARS5 generates the stream and initializes it specifying the 32-bit input integer parameter seed. The stream state is two 128-bit numbers c and k initialized in the following way:
- Assume k = seed.
- Assume c = 0.
Stream Initialization by Function vslNewStreamEx
ARS5 generates the stream and initializes it specifying the array params[] of n 32-bit integers:
- If n = 0, assume c = k = 0.
- If n = 1, assume k = params[0], c = 0.
- If n = 2, assume k = params[0] + params[1] * 2^32, c = 0.
- If n = 3, assume k = params[0] + params[1] * 2^32 + params[2] * 2^64, c = 0.
- If n = 4, assume k = params[0] + params[1] * 2^32 + params[2] * 2^64 + params[3] * 2^96, c = 0.
- If n = 5, assume k = params[0] + params[1] * 2^32 + params[2] * 2^64 + params[3] * 2^96, c = params[4].
- If n = 6, assume k = params[0] + params[1] * 2^32 + params[2] * 2^64 + params[3] * 2^96, c = params[4] + params[5] * 2^32.
- If n = 7, assume k = params[0] + params[1] * 2^32 + params[2] * 2^64 + params[3] * 2^96, c = params[4] + params[5] * 2^32 + params[6] * 2^64.
- If n >= 8, assume k = params[0] + params[1] * 2^32 + params[2] * 2^64 + params[3] * 2^96, c = params[4] + params[5] * 2^32 + params[6] * 2^64 + params[7] * 2^96.
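The recurrence for f(c) and the vslNewStreamEx mapping of params[] to (k, c) described above, as an added from-scratch Python model; this is not Intel's code and its output has not been compared with the library. The names f, r and u follow the page, while xtime, gmul, sbox_entry, mix_column, next_key and init_ex are hypothetical helper names. Assumptions: 128-bit values map onto the AES state as little-endian bytes, round i+1 uses the already advanced key k_{i+1} (the k_j in the text does not pin this down), the 64-bit key halves wrap modulo 2^64, and output i is taken from counter c + i/4 with integer division.

```python
# Added example (not Intel's code): ARS5 built from the recurrence on this page.
# Assumptions: 128-bit values map to AES state bytes little-endian; round i+1
# uses the advanced key k_{i+1}; key halves wrap mod 2^64; counter = c + i//4.
M32, M64, M128 = (1 << 32) - 1, (1 << 64) - 1, (1 << 128) - 1
WEYL_LO, WEYL_HI = 0x9E3779B97F4A7C15, 0xBB67AE8584CAA73B  # from the page

def xtime(a):                     # multiply by x in GF(2^8) mod 0x11B
    return (a << 1) ^ (0x11B if a & 0x80 else 0)

def gmul(a, b):                   # GF(2^8) product, used to build the S-box
    acc = 0
    while b:
        if b & 1:
            acc ^= a
        a, b = xtime(a), b >> 1
    return acc

def sbox_entry(x):                # FIPS-197 SubBytes: inverse, then affine map
    inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
    rot = lambda n: ((inv << n) | (inv >> (8 - n))) & 0xFF
    return inv ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63
SBOX = [sbox_entry(x) for x in range(256)]

def mix_column(a):                # MixColumns on one 4-byte column
    return [xtime(a[j]) ^ xtime(a[(j + 1) % 4]) ^ a[(j + 1) % 4]
            ^ a[(j + 2) % 4] ^ a[(j + 3) % 4] for j in range(4)]

def next_key(k):                  # Lo and Hi 64-bit halves advance separately
    return (((k >> 64) + WEYL_HI) & M64) << 64 | ((k + WEYL_LO) & M64)

def f(c, k, rounds=5):            # block function f(c) with N = 5
    s = list((c ^ k).to_bytes(16, "little"))
    for i in range(rounds):
        s = [SBOX[b] for b in s]                              # SubBytes
        s = [s[(j + 4 * (j % 4)) % 16] for j in range(16)]    # ShiftRows
        if i + 1 != rounds:                                   # MixColumns
            s = [b for n in range(0, 16, 4) for b in mix_column(s[n:n + 4])]
        k = next_key(k)
        s = [b ^ kb for b, kb in zip(s, k.to_bytes(16, "little"))]  # AddRoundKey
    return int.from_bytes(bytes(s), "little")

def init_ex(params):              # vslNewStreamEx: params[] -> (k, c)
    w = (list(params) + [0] * 8)[:8]
    return tuple(sum(x << 32 * n for n, x in enumerate(h)) for h in (w[:4], w[4:]))

def r(i, k, c=0):                 # i-th 32-bit output r_i
    return (f((c + i // 4) & M128, k) >> ((i % 4) * 32)) & M32
def u(i, k, c=0):                 # real output: (int) r_i / 2^32 + 1/2
    return ((r(i, k, c) ^ 0x80000000) - 0x80000000) / 2.0**32 + 0.5
```

Four consecutive outputs r_0..r_3 are the four 32-bit words of one 128-bit block, lowest word first, so the block function runs once per four integers.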
Subsequences Selection Methods
| Supported
|
| Supported
|
| Not supported
|
Generator Period

Empirical Testing Results Summary
| Test Name | | | | |
|---|---|---|---|---|
| 3D Spheres Test | OK (20% errors) | OK (20% errors) | Not applicable | OK (20% errors) |
| Birthday Spacing Test | Not applicable | Not applicable | Not applicable | OK (0% errors) |
| Bitstream Test | Not applicable | Not applicable | Not applicable | OK (15% errors) |
| Rank of 31x31 Binary Matrices Test | Not applicable | Not applicable | Not applicable | OK (0% errors) |
| Rank of 32x32 Binary Matrices Test | Not applicable | Not applicable | Not applicable | OK (0% errors) |
| Rank of 6x8 Binary Matrices Test | Not applicable | Not applicable | Not applicable | OK (0% errors) |
| Counts-the-1’s Test (stream of bits) | Not applicable | Not applicable | Not applicable | OK (0% errors) |
| Counts-the-1’s Test (stream of specific bytes) | Not applicable | Not applicable | Not applicable | OK (0% errors) |
| Craps Test | OK (30% errors) | OK (30% errors) | OK (30% errors) | OK (30% errors) |
| Parking Lot Test | OK (10% errors) | OK (10% errors) | Not applicable | OK (10% errors) |
| 2D Self-Avoiding Random Walk Test | OK (20% errors) | OK (10% errors) | Not applicable | OK (10% errors) |
- The tabulated data is obtained using the one-level (threshold) testing technique. The OK result indicates FAIL < 50%. The run fails when p-value falls outside the interval [0.05, 0.95].
- The stream tested is generated by calling the function vslNewStream with seed=7,777,777.